GHSA-53xj-v576-3ch2

Source

https://github.com/advisories/GHSA-53xj-v576-3ch2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-53xj-v576-3ch2/GHSA-53xj-v576-3ch2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-53xj-v576-3ch2

Aliases

CVE-2019-10802

Published

2021-04-13T15:22:09Z

Modified

2026-03-13T22:11:22.127547Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

OS Command Injection in giting

Details

giting version prior to 0.0.8 allows execution of arbritary commands. The first argument repo of function pull() is executed by the package without any validation.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-09T21:50:02Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "CRITICAL",
    "nvd_published_at": "2020-02-28T21:15:00Z"
}

References

Affected packages

npm / giting

Package

Name: giting; View open source insights on deps.dev
Purl: pkg:npm/giting

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.0.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-53xj-v576-3ch2/GHSA-53xj-v576-3ch2.json"